2 matches found
Improper Certificate Validation
github.com/hashicorp/vault is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of client certificates when a non-CA certificate is configured as trusted. This flaw leads to authentication bypass using the TLS certificate auth method with non-CA...
CVE-2022-41316
A flaw was found in HashiCorp Vault and Vault Enterprise. Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s Certificate Authority CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been...